NewRez

Senior Information Security Lead

Salary: $125K - $165K
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor’s degree in Computer Science or related field, or equivalent experience.
  • 7+ years of progressive experience in network security and information security, preferably in financial services.
  • Hands-on experience securing Microsoft 365, Azure, AWS, and hybrid/on-prem environments.
  • Strong expertise with firewalls, zero trust, and vulnerability management.
  • Demonstrated experience as primary audit contact and control owner for SOX or similar regulatory audits.

Responsibilities

  • Design and maintain enterprise network security controls, including Palo Alto firewalls and segmentation.
  • Own and operate the Netskope Zero Trust platform, ensuring compliance with data protection rules.
  • Enforce and validate adherence to network security standards through configuration reviews.
  • Manage the vulnerability lifecycle using Qualys and oversee remediation across IT teams.
  • Act as primary security point of contact for SOX audits and maintain audit-ready documentation.

Benefits

  • Opportunity to work in a leading business purpose lender focusing on commercial real estate financing.
  • Engagement with cutting-edge security technologies and practices.
  • Collaborative environment with a focus on risk-based decision-making.
  • Hands-on involvement in incident response and security governance.
  • Potential for professional growth in a rapidly evolving field.

Full Job Description

The Senior Information Security Lead is a hands‑on senior individual contributor responsible for designing, operating, and governing Genesis Capital’s network and information security controls across a hybrid environment (Microsoft 365, Azure, AWS, and on‑prem). This role serves as the primary security control owner and internal audit gatekeeper for security‑relevant IT General Controls (ITGCs), including responsibility for SOX audit readiness, evidence quality, deficiency remediation, and risk exception governance. The position combines deep technical execution with independent judgment, strategic thinking, documentation rigor, and executive‑level communication, without managing a team.
Principal Duties:

ESSENTIAL FUNCTIONS include the following. Other duties may be assigned.

Network Security (Hands‑On Ownership)

  • Design, configure, and maintain enterprise network security controls, including Palo Alto firewalls, rulebases, segmentation, and secure connectivity patterns.
  • Own and operate the Netskope Zero Trust / SSE platform, including access policies, data protection rules, and monitoring.
  • Define and enforce network security standards (Zero Trust principles, segmentation, logging, egress controls) and validate adherence through configuration reviews and monitoring.
  • Perform regular firewall, SSE, and network control reviews to identify risk, over‑permissive access, and audit exposure.

Vulnerability & Configuration Risk Management

  • Own the vulnerability management lifecycle using Qualys, including scan coverage, severity thresholds, remediation SLAs, and verification.
  • Assign and track remediation actions across IT teams; independently validate closure through rescans and evidence review.
  • Govern patching and hardening outcomes across infrastructure and cloud services, ensuring results meet security and audit requirements.
  • Enforce security‑related change control expectations, including documentation quality and emergency change review.

Information Security Controls & Governance

  • Enforce information security policies across Microsoft 365, Azure, AWS, and on‑premise systems, translating policy into enforceable technical controls.
  • Conduct security risk assessments for new systems, architecture changes, and third‑party integrations; document risks and required controls.
  • Operate and continuously improve security monitoring and alerting (including SIEM tooling where applicable).
  • Research emerging threats and technologies and recommend security improvements aligned to business risk.

SOX & Internal Audit Gatekeeper

  • Act as the single point of contact for internal and external auditors for SOX and security‑related audits.
  • Serve as named control owner for assigned security and infrastructure ITGCs, with responsibility for:
    • Control design and documentation (narratives, procedures, evidence standards)
    • Evidence completeness, accuracy, and timeliness
    • Walkthroughs and auditor inquiries
    • Deficiency analysis, remediation planning, and validation of closure
  • Maintain audit‑ready documentation and evidence repositories throughout the year.

Risk Exception & Decision Authority

  • Act as the security approval authority for exceptions, compensating controls, and risk acceptances.
  • Document business justification, compensating controls, and expiration dates for accepted risks.
  • Escalate material or systemic risks to executive leadership with clear impact analysis and recommendations.

Incident Response, DR & Resilience

  • Lead technical incident response activities, including containment, root‑cause analysis, and corrective action tracking.
  • Maintain incident response and disaster recovery documentation; coordinate testing, tabletop exercises, and lessons learned.

Access Governance & Security Awareness

  • Conduct periodic phishing simulation testing and analyze results to drive targeted remediation.
  • Conduct quarterly User Access Reviews for SOX‑scoped applications and ensure timely remediation of findings.
  • Review identity, access, and protection reports to identify control weaknesses and audit exposure.

Reporting & Executive Communication

  • Prepare clear, executive‑level reporting on:
    • Risk posture
    • Vulnerability trends and mitigations
    • Audit status and findings
    • Control effectiveness and exceptions

Education and Experience

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Bachelor’s degree in Computer Science or related field, or equivalent experience.
  • 7+ years of progressive experience in network security and information security within a regulated or sensitive environment (financial services strongly preferred).
  • Hands‑on experience securing Microsoft 365, Azure, AWS, and hybrid/on‑prem environments.
  • Strong expertise with firewalls, zero trust, and vulnerability management.
  • Strong knowledge of Windows/Linux, VMware, SQL Server, Active Directory, and networking.
  • Demonstrated experience acting as primary audit contact and control owner for SOX or similar regulatory audits.
  • Working knowledge of ISO 27000, SOX, PCI, and GLBA control expectations.
  • Experience with Juniper and Cisco/Meraki network switches, a plus.
  • Excellent written and verbal communication skills, including audit‑ready documentation and executive briefing.
  • Ability to manage IT projects and support strategic initiatives.
  • Hands-on experience with SIEM systems and open-source security tools.
  • Security certifications (preferred): CISSP, CISM, CCSP, or equivalent.

Additional Skills Required:

  • Independent ownership and accountability
  • Strong risk‑based judgment and business acumen
  • Ability to say “no” and document defensible decisions
  • Detail‑oriented with audit‑quality rigor
  • Comfortable operating as a senior individual contributor authority without formal management responsibilities

While this description is intended to be an accurate reflection of the position’s requirements, it in no way implies or states that these are the only job responsibilities. Management reserves the right to modify, add or remove duties and request other duties, as necessary.

By applying to this position, the candidate acknowledges that this is not a remote role and that on-site presence is required.

Compensation Range: $125,000 - $165,000/annual

About NewRez

NewRez LLC is a leading nationwide mortgage lender and servicer. The company offers a wide range of mortgage products, including conventional, FHA, VA, and jumbo loans. NewRez is committed to providing its customers with exceptional service and support throughout the home buying process. The company is headquartered in Fort Washington, Pennsylvania and has operations in all 50 states. NewRez is a subsidiary of New Residential Investment Corp., a publicly traded real estate investment trust (REIT).
Size: 3,000 employees